Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Red Hat: RHSA-2005:176-01 Critical: Firefox Memory Exploit Advisory

red hat
Calendar Grey March 1, 2005
Dist Redhat Esm H88
Important updates for Firefox addressing multiple security vulnerabilities have been released for Red Hat. All users are encouraged to upgrade.
Updated firefox packages that fix various bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

147727 - CAN-2005-0232 fireflashing vulnerability (CAN-2005-0527) 149876 - CAN-2005-0255 Memory overwrite in string library 147735 - CAN-2005-0231 firefox javascript tab security bypass 147402 - CAN-2005-0233 homograph spoofing 142506 - CAN-2004-1156 Frame injection vulnerability. 144216 - CAN-2005-0585 download dialog URL spoofing 149923 - CAN-2005-0578 Unsafe /tmp/plugtmp directory exploitable to erase user's files 149929 - CAN-2005-0584 HTTP auth prompt tab spoofing 149930 - CAN-2005-0586 Download dialog spoofing using Content-Disposition header 149931 - CAN-2005-0588 XSLT can include stylesheets from arbitrary hosts 149934 - CAN-2005-0589 Autocomplete data leak 149936 - CAN-2005-0590 Install source spoofing with user:pass@host 149937 - CAN-2005-0591 Spoofing download and security dialogs with overlapping windows 149938 - CAN-2005-0592 Heap overflow possible in UTF8 to Unicode conversion 149939 - CAN-2005-0593 SSL "secure site" indicator spoofing

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS: 8a6aedb095f62077e64124ddc577b9fb firefox-1.0.1-1.4.3.src.rpm

i386: b892ffeb126d1ef24f2c9059650d1000 firefox-1.0.1-1.4.3.i386.rpm

ia64: 303645b51596c4d7d0f0de81c3efdf4b firefox-1.0.1-1.4.3.ia64.rpm

ppc: 7b3535d928649b7e2ae3c594fa4635bd firefox-1.0.1-1.4.3.ppc.rpm

s390: 73ea97180b4ca648b996c3e33e4b8ed8 firefox-1.0.1-1.4.3.s390.rpm

s390x: 5cacc37451e98bcc57134d5e4fb9542b firefox-1.0.1-1.4.3.s390x.rpm

x86_64: 5d826defe063b94510651a6b68e6e719 firefox-1.0.1-1.4.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS: 8a6aedb095f62077e64124ddc577b9fb firefox-1.0.1-1.4.3.src.rpm

i386: b892ffeb126d1ef24f2c9059650d1000 firefox-1.0.1-1.4.3.i386.rpm

x86_64: 5d826defe063b94510651a6b68e6e719 firefox-1.0.1-1.4.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS: 8a6aedb095f62077e64124ddc577b9fb firefox-1.0.1-1.4.3.src.rpm

i386: b892ffeb126d1ef24f2c9059650d1000 firefox-1.0.1-1.4.3.i386.rpm

ia64: 303645b51596c4d7d0f0de81c3efdf4b firefox-1.0.1-1.4.3.ia64.rpm

x86_64: 5d826defe063b94510651a6b68e6e719 firefox-1.0.1-1.4.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS: 8a6aedb095f62077e64124ddc577b9fb firefox-1.0.1-1.4.3.src.rpm

i386: b892ffeb126d1ef24f2c9059650d1000 firefox-1.0.1-1.4.3.i386.rpm

ia64: 303645b51596c4d7d0f0de81c3efdf4b firefox-1.0.1-1.4.3.ia64.rpm

x86_64: 5d826defe063b94510651a6b68e6e719 firefox-1.0.1-1.4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key#package

Summary

References

https://www.mozilla.org/en-US/security/known-vulnerabilities/ https://www.cve.org/CVERecord?id=CVE-CAN-2004-1156 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0231 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0232 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0233 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0255 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0527 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0578 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0584 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0585 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0586 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0588 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0589 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0590 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0591 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0592 https://www.cve.org/CVERecord?id=CVE-CAN-2005-0593

Package List


Severity
critical
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2005:176-01
Issue date: 2005-03-01
Updated on: 2005-03-01
Product: Red Hat Enterprise Linux

Topic

Relevant Releases Architectures

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64

Red Hat Enterprise Linux Desktop version 4 - i386, x86_64

Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64

Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

Bugs Fixed

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here